Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/mmk8uAKZQuj8SS2VY9_HL42Nucs.roa
File:                     mmk8uAKZQuj8SS2VY9_HL42Nucs.roa (raw, json)
Hash identifier:          z+E7R44l4rc/m+D13V08JcaedEsczHhi+tff6M/1HFI=
Subject key identifier:   9A:69:3C:B8:02:99:42:E8:FC:49:2D:95:63:DF:C7:2F:8D:8D:B9:CB
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01966964B95C1F3880372D50F61292FF950A
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/mmk8uAKZQuj8SS2VY9_HL42Nucs.roa
Signing time:             Thu 24 Apr 2025 20:02:10 +0000
ROA not before:           Thu 24 Apr 2025 20:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216309
IP address blocks:        94.249.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 13:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:69:64:b9:5c:1f:38:80:37:2d:50:f6:12:92:ff:95:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 24 20:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a693cb8029942e8fc492d9563dfc72f8d8db9cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:27:05:49:27:cb:49:59:e4:dd:78:fb:8c:13:
                    1c:24:8f:7a:1e:c9:3c:9b:bd:87:b1:5b:41:fc:37:
                    f9:6d:88:0d:0f:9d:dc:08:e1:7e:b0:98:d6:64:b4:
                    2a:ca:c5:f3:6c:ad:9f:2a:2b:8f:44:14:d0:8d:96:
                    fa:92:96:70:bb:76:98:f4:e6:cf:ef:80:2c:73:e7:
                    98:f6:9a:b5:f5:6d:ff:6b:4a:88:5d:63:df:78:c3:
                    80:1e:ce:b2:99:97:9e:a9:55:97:be:9d:f5:f4:1b:
                    7c:0d:82:c9:a0:9f:55:58:48:71:fa:49:d7:80:29:
                    34:a5:69:31:fc:c7:18:be:ef:ed:29:cb:ce:a9:94:
                    1e:44:30:78:b3:73:a0:55:b2:12:91:f1:25:ae:b2:
                    8a:5b:fd:60:b8:ff:dc:b0:0d:ad:38:ce:05:d5:de:
                    a5:10:52:30:a9:06:73:02:6d:4b:2b:d4:c8:84:13:
                    0b:98:cc:ce:35:df:0d:2f:4d:5f:25:4c:53:22:b6:
                    51:e7:46:f1:f8:6e:63:76:c0:2f:be:c8:e1:51:6e:
                    be:ae:00:3a:9a:26:5e:76:2b:cc:a1:b9:ce:91:84:
                    4e:13:c1:84:80:e8:b4:29:33:1c:58:35:db:b1:b5:
                    c2:c5:29:6b:10:5e:4f:3e:50:04:44:82:92:9f:72:
                    58:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:69:3C:B8:02:99:42:E8:FC:49:2D:95:63:DF:C7:2F:8D:8D:B9:CB
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/mmk8uAKZQuj8SS2VY9_HL42Nucs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.249.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:3e:38:7b:55:46:27:7e:1b:91:23:8c:95:c2:93:0f:0c:6b:
         32:1a:68:62:97:a3:08:43:15:4c:e5:98:5f:c6:c1:45:ca:7d:
         77:f8:15:15:0b:7a:e7:51:71:c3:2f:50:7d:5c:9b:f6:52:9a:
         53:16:3d:91:48:d9:cf:99:9c:37:ca:cb:d3:a8:51:8d:2b:6d:
         6e:85:5e:89:14:1d:eb:c1:bc:9c:e5:e2:d4:ef:b0:62:26:68:
         b7:3f:93:d0:f6:4b:c7:4b:ff:b1:35:a1:fa:b7:d8:64:16:7f:
         75:78:b7:23:d1:46:d1:48:b2:94:b0:86:1d:bd:95:5d:54:42:
         f6:92:dd:51:d8:c9:30:c1:16:2d:ab:b9:fb:3e:db:06:4e:27:
         a2:5c:50:5c:71:bd:14:da:54:ea:fa:2a:41:28:33:e2:9d:4d:
         fc:7e:bd:a8:c5:bd:3d:32:2a:98:b8:97:41:78:ed:a5:6f:ce:
         1b:78:9f:bc:0b:3e:2a:c1:e8:59:87:2f:7c:4b:c2:4c:af:9a:
         e7:43:68:24:b5:03:a4:86:d5:b1:2b:0a:52:73:c8:1b:72:41:
         ca:fd:98:fb:a6:48:31:12:a9:b7:14:92:4d:a9:6b:77:a6:01:
         cd:ca:3c:3a:dc:e5:58:dc:b9:ff:d3:b4:f8:9e:5f:27:93:c6:
         0a:d3:6c:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZpZLlcHziANy1Q9hKS/5UKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNDI0MjAwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTY5M2NiODAyOTk0MmU4ZmM0OTJkOTU2M2RmYzcyZjhkOGRiOWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtycFSSfLSVnk3Xj7jBMcJI96Hsk8
m72HsVtB/Df5bYgND53cCOF+sJjWZLQqysXzbK2fKiuPRBTQjZb6kpZwu3aY9ObP
74Asc+eY9pq19W3/a0qIXWPfeMOAHs6ymZeeqVWXvp319Bt8DYLJoJ9VWEhx+knX
gCk0pWkx/McYvu/tKcvOqZQeRDB4s3OgVbISkfElrrKKW/1guP/csA2tOM4F1d6l
EFIwqQZzAm1LK9TIhBMLmMzONd8NL01fJUxTIrZR50bx+G5jdsAvvsjhUW6+rgA6
miZedivMobnOkYROE8GEgOi0KTMcWDXbsbXCxSlrEF5PPlAERIKSn3JYtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJppPLgCmULo/EktlWPfxy+NjbnLMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvbW1rOHVBS1pRdWo4U1MyVlk5X0hMNDJOdWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvnnMA0G
CSqGSIb3DQEBCwUAA4IBAQCbPjh7VUYnfhuRI4yVwpMPDGsyGmhil6MIQxVM5Zhf
xsFFyn13+BUVC3rnUXHDL1B9XJv2UppTFj2RSNnPmZw3ysvTqFGNK21uhV6JFB3r
wbyc5eLU77BiJmi3P5PQ9kvHS/+xNaH6t9hkFn91eLcj0UbRSLKUsIYdvZVdVEL2
kt1R2MkwwRYtq7n7PtsGTieiXFBccb0U2lTq+ipBKDPinU38fr2oxb09MiqYuJdB
eO2lb84beJ+8Cz4qwehZhy98S8JMr5rnQ2gktQOkhtWxKwpSc8gbckHK/Zj7pkgx
Eqm3FJJNqWt3pgHNyjw63OVY3Ln/07T4nl8nk8YK02xL
-----END CERTIFICATE-----